Insight for Active Directory logs LDAP traffic in a two-paned window

Active Directory was hailed as a revolutionary new administrative tool when it debuted in Microsoft's Windows 2000 server products. Further refined in Windows Server 2003, there's no doubt Active Directory has changed the way information technology professionals administer networks.

Despite all its benefits (including simplified user and resource administration, enhanced security, and improved productivity), Active Directory occasionally creates administration nightmares of its own. Several third-party tools exist to help configure and maintain Windows directory services. Winternals includes a pair of such utilities in its Administrator's Pak version 5.0.

Insight for Active Directory assists IT professionals in diagnosing configuration problems and troubleshooting the directory service's interaction with other applications. The utility works by listing the Lightweight Directory Access Protocol (LDAP) calls Active Directory receives from any system within a domain, thereby enabling administrators to track Active Directory activity.

To run Insight for Active Directory, you need not sit down locally at a server. Insight for Active Directory runs on Windows 2000 operating systems, as well as Windows XP and Windows Server 2003. You must possess Administrator rights to view or log on to systems to operate Insight for Active Directory.

Once Winternals Administrator's Pak is installed on a system, click Start | Programs | Winternals Administrator's Pak and select Insight for Active Directory. The utility will begin logging LDAP traffic as soon as you specify where logging should occur.

Insight for Active Directory includes a wide variety of transaction types that can be filtered. Filtering events helps reduce the number of incidents you must wade through when searching Active Directory for particular transactions.

Connect to the local server's Active Directory services by clicking Computer | Connect Local (or using the CTRL+M shortcut); connect to a remote system's Active Directory services by clicking Computer | Connect (or using the CTRL+R shortcut).

Insight for Active Directory begins capturing the Active Directory events it logs by default. The tool's logging is started and stopped by clicking File | Capture (or using the CTRL+E keyboard combination).

Active Directory event capturing can be run on multiple systems simultaneously. Open multiple windows to better monitor multiple capture sessions by clicking File | New Window (or using the CTRL+N keyboard shortcut). Note that only a single system's activity can be logged in a single window.

Active Directory generates numerous events quickly, particularly on larger networks. As a result, you may find it necessary (or helpful) to filter captured events as you hunt particular culprits, services or actions within Active Directory.

To filter the events Insight for Active Directory lists, click the Filter button to reveal the Event Filters dialog box. Specify the items you wish to include and exclude and click OK; Insight for Active Directory will adjust its display accordingly.

Additional information associated with a logged Active Directory event can be obtained by right-clicking a logged transaction and selecting Properties.

Within its main window, Insight for Active Directory provides information about each event, including a sequence number, the process that generated the event, the request type, input value and more. Right-clicking an event and selecting Properties displays additional information about an Active Directory incident, including the name of the program (and its publisher) that generated the event, the associated file path, user and more, as shown above.

Tracking specific users, programs and commands that access Active Directory can save valuable time in pinpointing the cause of specific failures or configuration errors. Further, events related to an incident or transaction can be reviewed by highlighting an event, right-clicking it and selecting View Related Events. So, too, can events related to the same triggering session be viewed; click View Session Events after right-clicking an item to review other Active Directory transactions generated by the same session.

In case you wish to review captured Active Directory information offline, Insight for Active Directory supports creating logs. Simply click File | Save to create a trace file that can be viewed later by clicking File | Open. Should you prefer reviewing captured Active Directory events in another application, such as a Microsoft Excel spreadsheet, instead click File and select Export To A Text File.
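The include/exclude filtering and the text export described above can be combined for offline triage. The following is an added example, not part of the original article or of the Winternals product: it assumes the export is tab-separated with a header row, and the column names and every sample row are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample export. The tab-separated layout and the column names are
# assumptions for this example; adjust them to match the file you exported.
SAMPLE_EXPORT = "\n".join([
    "Sequence\tProcess\tUser\tRequest\tInput",
    "1\tmmc.exe\tCORP\\alice\tldap_bind_s\t",
    "2\tmmc.exe\tCORP\\alice\tldap_search_s\t(objectClass=user)",
    "3\tinventory.exe\tCORP\\svc-inv\tldap_search_s\t(objectClass=*)",
    "4\tinventory.exe\tCORP\\svc-inv\tldap_search_s\t(objectClass=*)",
    "5\tinventory.exe\tCORP\\svc-inv\tldap_search_s\t(objectClass=computer)",
    "6\tmmc.exe\tCORP\\alice\tldap_modify_s\tCN=Bob,OU=Staff,DC=corp,DC=example",
])


def load_events(text):
    """Parse the exported text into one dict per logged event."""
    return list(csv.DictReader(io.StringIO(text), delimiter="\t"))


def apply_filter(events, include=None, exclude=None):
    """Keep events that match every include rule and no exclude rule.

    Each rule maps a column name to a set of accepted (or rejected) values.
    """
    include, exclude = include or {}, exclude or {}
    kept = []
    for ev in events:
        if any(ev[col] not in vals for col, vals in include.items()):
            continue
        if any(ev[col] in vals for col, vals in exclude.items()):
            continue
        kept.append(ev)
    return kept


def top_callers(events, n=3):
    """Count events per (process, user, request) to surface the noisiest callers."""
    counts = Counter((e["Process"], e["User"], e["Request"]) for e in events)
    return counts.most_common(n)


if __name__ == "__main__":
    events = load_events(SAMPLE_EXPORT)
    searches = apply_filter(events, include={"Request": {"ldap_search_s"}})
    for (proc, user, req), count in top_callers(searches):
        print(f"{count:3d}  {proc:15s} {user:15s} {req}")
```

Excluding the read-only request types instead (for example `exclude={"Request": {"ldap_search_s", "ldap_bind_s"}}`) leaves only the events that changed directory data, which is usually the shorter list to review first.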

Another option is to view an HTML report Insight for Active Directory creates. Click View and select HTML Reports. Specify the level of detail you wish to receive and Insight for Active Directory will then build an HTML report listing the resulting captured events. The HTML Reports option is particularly helpful, as it includes hyperlinks (for numerous request types) to Microsoft MSDN pages that provide additional information regarding the respective events.

To run AD Explorer, you must possess Administrator rights to view or log system activity and be running the utility on a Windows 2000, Windows XP or Windows Server 2003 system. Begin using AD Explorer by clicking Start | Programs | Winternals Administrator's Pak and clicking AD Explorer.

When you first start AD Explorer, you must specify the domain you wish to connect to and a username and password with administrator rights on that system. To connect to a different domain, click File | Connect.

AD Explorer features a two-paned window. Objects appear in the left pane, while attributes appear in the right.

AD Explorer simplifies editing Active Directory attributes.

Rather than monitoring Active Directory events, AD Explorer enables searching Microsoft's hierarchical database for specific objects and attributes. Further, administrators can right-click attributes and edit them, as shown above, by selecting Modify from the resulting pop-up menu. Right-clicking objects allows an administrator to review additional information about the object, as well as rename it. Among the data that can be gleaned by right-clicking an object and selecting Properties is its distinguished name, object class and schema.

Active Directory can make your day. Its simplified interface (remember having to negotiate Windows NT Server's User Manager utility?) offers a much more efficient method of managing an organization's users, groups and resources than was previously available. But as with any complex tool, Active Directory occasionally misbehaves. And administrators are only human; they sometimes make configuration mistakes. Leveraging the features and capabilities of Winternals' Active Directory tools helps pinpoint problems and return systems to efficient use.

About Erik Eckel

Erik Eckel owns and operates two technology companies. As a managing partner with Louisville Geek, he works daily as an IT consultant to assist small businesses in overcoming technology challenges and maximizing IT investments. He is also president of Eckel Media Corp., a communications company specializing in public relations and technical authoring projects.